/**
 * Project Name:saas-service
 * File Name:filter.java
 * Package Name:com.saas.filter
 * Date:2015年8月31日下午2:10:43
 * Copyright (c) 2015, sid Jenkins All Rights Reserved.
 * 
 *
*/

package com.saas.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

import com.saas.util.Constant;
import com.saas.util.DataUtils;
import com.saas.util.SaasConfig;

/**
 * 
 * ClassName: ManageFilter 
 * Function: 登录过滤. 
 * date: 2015年8月31日 下午2:11:22 
 *
 * @author sid
 */
public class ManageFilter extends OncePerRequestFilter {
//public class ManageFilter{

	protected void doFilterInternal(HttpServletRequest request,
			HttpServletResponse response, FilterChain filterChain)
			throws ServletException, IOException {
		if (SaasConfig.addAPIFilter) {
			List<String> noFilter = new ArrayList<String>();
			noFilter.add("/apis/manager/login");
			noFilter.add("/apis/manager/logout");
			String url = request.getRequestURI();
			// 执行过滤
			// 从session中获取登录者实体(先不做manager的过滤，增加用户后，再做数据过滤)
			Object user_sessionToken = request.getSession().getAttribute(Constant.user_sessionToken);
			if(!noFilter.contains(url)&&!DataUtils.isNotEmpty(user_sessionToken)){
				//转发到登录页面
				if (url.startsWith("/api/runbaby")) {
					//TODO 可以做一些其他逻辑处理；待确定
				}else{
					response.sendRedirect("/apis/login.html");
				}
				return;
			}else{
				//也可以获取user_roleid来进行权限的验证
			}
		}
		// 如果session中存在登录者实体，则继续
		filterChain.doFilter(request, response);
	}
}


